Microsoft strikes another nail in the SHA-1 coffin with the announcement that all updates that had been signed using SHA-1 hash will be removed from the Microsoft Download Center.
OpenSSH will soon deprecate the use of SHA-1 because of the risk of specific attacks against the algorithm.
A chosen prefix collision in SHA-1 has demonstrated a new issue with the venerable hash function developed by the NSA.
The question about shortening the validity period for TLS certificates is back in front of the CA/Browser Forum again. CAs still oppose it and browser makers are still for it.
Cloudflare and several other members have formed the League of Entropy to offer a quorum of public randomness beacons.