SHA-2 uses a Merkle-Damgard construction like SHA-1 does, but is not widely believed to be vulnerable to the same attacks. SHA-3 was developed and standardized in part to mitigate future breaks in SHA-2, but those breaks have (so far) not materialized[1].
TL;DR: If all you need is a fast cryptographic digest, SHA-2 is still the gold standard. If you care about length-extension attacks, SHA-3's construction prevents them. If you're hashing passwords, you should use a KDF instead.
Truncated SHA-2, eg SHA-512/256, has some resistance against length extension attacks[1] while non-truncated has none, so wouldn't that be the gold standard?
edit: Thinking a bit more, I guess there are a lot of interesting cases which are not prone to length extension attacks where the full SHA-512 would be better.
Looked at a 6 byte hash today. Modifying the hash or the data attached to it made the API respond with an error saying untrusted input. The data is an encrypted blob and the hash protects it from being tampered with.
My guess is that it’s a truncated md5(secret + data) or hmac. Either way, with a sufficient long a secret, I won’t be able to guess it (offline), and because of the truncation, length extensions also out of the question.
With only 48 bits of entropy, I can’t shake the feeling that there are practical attacks I have not considered.
This was definitely January 2020 (January 7th, a Tuesday, per the Ars Technica article); I think the 2019 confusion is because that is when they disclosed the attacks to the related projects.
How are other algorithms fairing recently, anything else started tumbling over in the last few years?