Google puts another nail in the coffin for SHA-1. They already moved from using SHA-1 on their products but there are still a lot of places where is used by default.
In a post on the Google Online Security Blog Announcing the first SHA1 collision Google researchers claim that they have a good way of finding collisions for SHA-1.
As they state:
we will wait 90 days before releasing code that allows anyone to create a pair of PDFs that hash to the same SHA-1 sum given two distinct images with some pre-conditions.
This is a strong advice to move to SHA-256 and consider SHA-1 as unsecure.