A flaw in the keypair library that caused it to generate weak RSA keys for SSH has caused GitHub and other services to revoke many organizations' keys.
The SolarWinds breach, ransomware epidemic and other threats have emphasized the urgent need for more resilient systems.
Microsoft strikes another nail in the SHA-1 coffin with the announcement that all updates that had been signed using SHA-1 hash will be removed from the Microsoft Download Center.
OpenSSH will soon deprecate the use of SHA-1 because of the risk of specific attacks against the algorithm.
A chosen prefix collision in SHA-1 has demonstrated a new issue with the venerable hash function developed by the NSA.