From Bruce Schneier…
https://www.schneier.com/blog/archives/2020/01/new_sha-1_attac.html
Looks like there’s a new collision attack that reduces the work another notch. It was clear before that SHA-1 is a no longer viable…this just makes it clearer.