There are various dangers on the Internet, all of them emanating from hackers. A distinction can be made between attacks that are directed at you as a person, so-called social engineering attacks, and attacks that want to exploit technical errors.
The most widespread danger at the moment are phishing attacks that either want to smuggle malware onto your device or direct you to a fake website, e.g. that of your bank, in order to access sensitive data. There are pop-up and advertising windows on the Internet that basically try to do the same thing. There are always security gaps in your browser software that are patched with new updates (so-called patches). If you do not install these immediately, you run an increased security risk, as hackers will know about the security gaps at the latest when the new browser version is released. There are dubious websites on the Internet (to which some phishing emails also lead) that install malware on the device in the background when the page is called up (so-called drive-by downloads). These websites mainly exploit security vulnerabilities.
A constant security vulnerability is the scripting language JavaScript, which is, however, required for many websites to function. One protection option would be to activate JavaScript only for certain websites.