Google security team just announced that they have broken SHA-1 in practice. This result is the product of a long-term collaboration between the CWI institute and Google’s Research security, privacy and anti-abuse group.
It is now practically possible to craft two colliding PDF files and obtain a SHA-1 digital signature on the first PDF file which can also be abused as a valid signature on the second PDF file.
Product Hunt Twitter