For the average user not doing anything illegal online, the risk may seem quite low, but with modern hacking nobody is safe. Hardware is often breached and unknown to the general public, with the infamous CIA 'Day-Zero' attack methods becoming popular in recent years, there really is little that's trustworthy online. Even recently there is more and more evidence that companies are spying on their customers; the HP keyloggers for example. At this point it's unknown whether these keyloggers were put in by the manufacturer, distributor, or retailer. But the risk is the same; anything you type can be recorded.
Software breaches are by far the most common method of attack for the average home user; installing or clicking on something from an unknown source. Popup ads are common everywhere online, and often contain malicious software which infects a computer quickly and effectively. Using an adblocker like uBlock Origin is always recommended, but many sites are starting to get around this by denying content until the blocker is disabled. If a site asks you to unblock it, then it's likely worth just going somewhere else for the information.
Of software attacks, the most prevalent is through phishing, mainly from email attachments. This method is favoured by malicious users worldwide as they are easy to set up, and require little input once set. Only a few in a thousand will get clicked, but the 'wide net' approach is historically one of the best for targeting large groups. Phishing is the art of replicating a trusted page or email, with a malicious link attached instead of the normal one. By far the best way of avoiding these attacks is by educating users on what to look out for. Phishing is the gateway in which most attacks occur, and leads to the serious attacks like ransomware.
Ransomware is currently in the news often, as the rise in ransomware attacks is huge compared to previous years. In a nutshell, ransomware encrypts the drives of a computer until the user pays to have it unlocked, usually by anonymous Bitcoin transfers. These attacks mostly target businesses, and are one of the main cash-cows for hackers.
Tracking may not be classed as a danger, but in most respects it can be used as a danger. GPS tracking on phones, Wi-Fi network tracking on Android, Snapchat locations, Exif data on uploaded photos, IP tracing, even remote access to microphones or webcams can be done quickly if security is lax. These are major breaches of privacy, and can often lead to more dangerous aspects of cyber attacks. Snapchat location was famously the cause of alot of bullying across the globe, as people can simply look on a map to where a person is. This was changed quickly to 'allow only' but the method of tracking is still present in the system. On the less personal level, tracking is majorly used by companies for targeted advertising, and is seen by many as a breach of privacy.
It's highly unlikely that a targeted attack would occur to any specific user (i.e. being 'hacked') but it is still a possibility. Remember not to give out any data online, and never agree to anything you haven't read beforehand. And as always, its important to note that 'black hat' hackers are comparable to people who break into houses; if your house is well defended, they will move onto the next, less secure one.