I get that there won’t be any security updates. So any problem found can be exploited. But how high is the chance for problems for an average user if you say, only browse some safe websites? If you have a pc you don’t really care much about, without any personal information? It feels like the danger is more theoretical than what will actually happen.
Or… are there any examples of people (not corpos) getting wrecked in the past by an eol OS?
Check out shodan.io Search your own IP. There are plenty of state actor tools that do the same thing. vulnerable systems are targeted because they’re vulnerable, not because there’s a payout. Most of the time you’d just automate the attacks with something like msfconsole and a ruby script.