The algorithm SHA-1 commonly used to sign executable file code and TLS and SSL certificates are used on websites to authenticate a publisher.
In 2015, security researchers published a report which describes in detail how SHA-1 is vulnerable to attacks that could allow intruders to forge digital certificates to impersonate a company or other site.
These forgeries could then be used in phishing attacks, corporate forgeries or man-in-the-middle attacks.
"The SHA-1 is an old cryptographic hash that many in the security community believe is no longer secure. The use of the algorithm SHA-1 digital certificates could allow an attacker to falsify content, carry out phishing attacks or man-in-the-middle attacks. "