We have broken SHA-1 in practice
Summary
A practical SHA-1 collision attack demonstrates two PDFs with the same SHA-1 digest, enabling signature abuse and file integrity issues. The piece discusses affected domains (certificates, code signing, software updates, VCS), advises migrating to SHA-256/SHA-3, and outlines detection and mitigation strategies.