I don’t agree with avoiding stable distros. In the case of Debian for example stable gets priority on security patches. Just subscribe to the security mailing list and have auto updates on.
Also download any disto or bleeding edge container and scan it and you’ll have vulnerabilities in some library. The ecosystem is always moving. The question is how exposed are you.
Use a firewall, secure your browser and whitelist sites you trust to run JS. Stick to repos. Scan downloaded files via virus total or open In a vm. Dont install what you dont need.
You are far more likely to get compromised in a site breach than to get hacked. The browser is the main attack vector that you need to secure.
Also dont run servers if you dont know what you are doing. Use a non networked VM to practice.
Dont blindly paste commands and be sure to read the source before you compile and run some random program.