Board: Electrum
Topic: Re: Fraudulent transaction along with the correct one (Ledger Nano S + Electrum)
Post by Electrum_LedgerNS_Issue on 20/02/2020, 08:42:48 UTC

Actually it is very well imaginable that your OS is compromised.

Nothing stops malware from generating transactions and sending them to your Ledger for you to accept/verify them.
A locktime of 1 could mean that the person creating the malware/transaction simply wanted the tx to be confirmed as fast as possible (i.e. can be confirmed in the next block) without checking the current block etc.

The safety which comes from using a hardware wallet is that the transaction details shown to you on the HW screen cannot be manipulated and that you actively have to confirm the transactions by pressing a button.
But if your OS is compromised, he definitely can just create transactions and send them to your HW wallet in the hope that you accept them. Waiting until one is created by Electrum seems a not too dumb move which might have caught some people off-guard.


And honestly I'd rather think that your OS is compromised than that this is a bug in Electrum and/or Ledger.


Thank you for your answers.
Indeed, when I make any transaction I assume my OS is compromised, so I properly check the details on my screen.
Even in this case, I did check them properly (the proof being that the first intended transaction was properly sent).
The only way for me to accidentally accept another transaction would be, after pressing "Validate transaction" for the first one, to "accidentally" press the right button a few times without looking at the new transaction details and then validate it by pressing both buttons, which, while not impossible, is very hard to believe ...

I'm still scratching my head on this btw, so if someone at least has other ideas on how it might have happened (even assuming compromised OS etc) please let me know.
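
For anyone triaging a similar unexpected transaction, the locktime point raised in this thread can be checked directly from the raw transaction bytes. This is an added example, not code from the thread, Electrum or Ledger. The sample transaction, the tip height of 618,000 and the 100-block tolerance (which assumes a wallet that sets nLockTime close to the current chain height) are constructed assumptions.

```python
import struct

LOCKTIME_THRESHOLD = 500_000_000  # below: block height; at or above: Unix time
SEQUENCE_FINAL = 0xFFFFFFFF       # if every input uses this, nLockTime is ignored

def read_varint(buf, off):
    """Decode a CompactSize integer; return (value, next_offset)."""
    first = buf[off]
    if first < 0xFD:
        return first, off + 1
    size = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(buf[off + 1:off + 1 + size], "little"), off + 1 + size

def parse_tx(raw):
    """Return (input sequences, [(value_sat, script_hex)], nLockTime)."""
    off = 6 if raw[4:6] == b"\x00\x01" else 4  # skip version (+ segwit marker/flag)
    n_in, off = read_varint(raw, off)
    sequences = []
    for _ in range(n_in):
        slen, off = read_varint(raw, off + 36)  # skip previous txid + output index
        off += slen                             # skip scriptSig
        sequences.append(int.from_bytes(raw[off:off + 4], "little"))
        off += 4
    n_out, off = read_varint(raw, off)
    outputs = []
    for _ in range(n_out):
        value = int.from_bytes(raw[off:off + 8], "little")
        slen, off = read_varint(raw, off + 8)
        outputs.append((value, raw[off:off + slen].hex()))
        off += slen
    # Any witness data follows the outputs; nLockTime is always the last 4 bytes.
    return sequences, outputs, int.from_bytes(raw[-4:], "little")

def classify_locktime(locktime, sequences, tip_height, tolerance=100):
    """Describe how nLockTime constrains mining, given the current tip height."""
    if locktime == 0 or all(s == SEQUENCE_FINAL for s in sequences):
        return "not enforced"
    if locktime >= LOCKTIME_THRESHOLD:
        return "unix-time lock"
    if locktime > tip_height:
        return "not minable yet"
    if tip_height - locktime <= tolerance:
        return "height lock near tip"
    return "height lock far below tip: minable in next block"

# Constructed sample (not from the thread): 1 input, 1 output, nLockTime = 1
SAMPLE = (struct.pack("<I", 2) + b"\x01" + bytes(32) + struct.pack("<I", 0)
          + b"\x00" + struct.pack("<I", 0xFFFFFFFE)            # empty scriptSig, sequence
          + b"\x01" + struct.pack("<Q", 50_000) + b"\x01\x51"  # one output, 1-byte script
          + struct.pack("<I", 1))                              # nLockTime = 1
```

A height lock far below the tip, such as 1, is consistent with a transaction built without looking up the current block height; comparing it with the locktime of the intended transaction helps tell which software built each one.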