From Bruce Schneier:
SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing.
The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper announcing their result
SHA is a US standard hash function which is used in a lot of security application. (SHA-1 is also published as RFC 3174). How bad this news depend how easily to find the collision but we dont know until the papers are made public; But according to Bruce, looks like it still requires some brute-force but just (a lot ) less of it.
