I haven’t heard of any such cases, but it is a smaller pool of users. Also, many desktop Linux users know more about using a computer than other operating system users, since it’s less common for Linux to come preinstalled. So that may affect it, too.
I imagine vulnerabilities with the Linux kernel or common utilities do apply to desktop users as well, which is a good reminder why staying up-to-date is important. But to my understanding, exploiting remotely would need a way of sending data to the target. And most desktop computers won’t have ports open to the internet for anyone like servers will.
I know that Wayland’s design does make it more difficult for a user-mode program to act maliciously, like as key-loggers or reading the clipboard.
All good! You’re still totally right; outside of the context, Linux has quite the user base with servers, embedded devices, and even phones, if we count Android. I think that’s relevant because it means we can’t rely on “security by obscurity”.