Google has announced that they found a collision using two different documents which did generate the same SHA-1 hash value. You can read more about the details here: SHA-1 collision
Glad that XML ValidatorBuddy supports SHA-256, SHA-384 and SHA-512 hash algorithms and you can use them to sign and verify your XML documents in a more secure way.
Simply select any SHA-2 algorithm in the editor on signing XML data. SHA-2 is supported for RSA and HMAC keys as well as for key pairs stored in certificates:
Of course, all SHA-2 algorithms are also supported on verifying your XML documents.