A proof-of-concept attack has been pioneered that fully and practically breaks the Secure Hash Algorithm 1 (SHA-1) code-signing encryption. Users of GnuPG, OpenSSL and Git could be in danger from an attack that s practical for ordinary attackers to carry out. The attack is much less complex and cheaper than previous PoCs, it places such attacks within the reach of ordinary attackers with ordinary resources. SHA-1 has been broken since 2004, but it is still used in many security systems.
Source: https://threatpost.com/exploit-fully-breaks-sha-1/151697/