Operating systems and the software that comes with them are a fat target for security problems. There's "new hardware" in turns of new phones, laptops and the core components of desktops but also peripherals from things you plug into USB and things like watches and AirPods that you might want to use with your existing phone. Both Linux and Windows run on generic hardware so they need to handle whatever AMD, Intel, Dell, etc. throw at them -- look at how Ubuntu is always coming out with new releases and occasionally makes one that is LTS.
Everyone wants to complain about the "bloat" in Windows and macOS (and fair enough, there is a lot of bloat and cruft) but blame it all on capitalism, when Linux has kept apace in growth rate the whole time. My Linux installs have been 'round about 50% the size of my Windows installs these last 15 years, never really straying far. If we ask ourselves, "Why does Linux need to keep growing?", I think we can easily see that OS churn and growth is not just "shareholder value gotta go up."
Plus when speaking about peripherals, you've got things to deal with like DMA for Thunderbolt devices and a constant stream of creative new ways to poorly implement USB to contend with. Not only is the target moving, but so is the archer and both are inclined towards sudden nonsensical moves.
