Chen and Biham were due to report some attacks on SHA-0 this week at Crypto. Last week, it was reported that Antoine Joux had extended this work into a full scale method for finding collisions in SHA-0 with time complexity of 2^51, and would also be reporting his results at the conference.
Ed Felten is now reporting that a rumor has started at Crypto that someone has further extended the Joux attack to an attack on SHA-1 and may announce the details at conference later in the week. Since SHA-0 is only of academic interest but SHA-1 is deployed in lots of cryptosystems, this is naturally getting lots and lots of buzz.
As a side note, if this proves to be true, even if it is only a certificational weakness, it will be very embarrassing to the NSA. It is almost certainly the case that they would not release an algorithm that they knew had even a certificational weakness, thus implying that if there is such an attack, they did not know about it when they corrected SHA-0 into SHA-1.
It is unclear how such a break would impact HMAC when used with SHA-1 without knowing more details, if there are any details. Stay tuned.