A few hours after posting that, he goes on to post this:
If you use a Ledger or hardware wallet with clear signing, you are not at risk. My tweet above is warning people who do not use a hardware wallet with clear signing of the risk. Always review every transaction before you sign.
I don't know if it is what i am thinking, but sounds like a marketing campaign, trying to promote and sell ledger devices.
I suspect it to be marketing, because he is is unclear what the exploit is. And he also said this: 'it is u clear whether the attacker is also stealing seeds from software wallets directly at this stage', how is this possible, seeds stored where and from what software wallet? The warning does not make too much sense right now.