Today, you can find more online security tips in a few seconds than you could use in a lifetime. While this collection of best practices is rich, it’s not always useful; it can be difficult to know which ones to prioritize, and why.
I've never seen software updates as a security risk, but I am sometimes hesitant to update things that work just fine because newer versions aren't always better. Look at utorrent. The older versions work great and lack the advertising in the newer versions. Something like a Firefox or Java update is probably a good idea to stay current on though.
I switched to qbittorent just because of the uttorent update
If you use a sufficiently old version of any browser or Java or Flash I can guarantee that any reasonably motivated hacker could find an exploit that'll work for it.
Password managers aren't a good idea, as they just introduces another point of failure. Think about the lastpass hacks, for example. A single hack can now compromise all of your accounts instead of just one. Better to keep your passwords simple, or (and this is my favourite) use an algorithm that converts a normal password into 'gibberish' depending on the site url. It's not much work, as there are things like https://www.pwdhash.com/ which do all the work for you.