The Superhub default admin password has never been "virgin", that goes as far back as the superhub 1 which is quite a few years old now.
Posts by Singe
4 publicly visible posts • joined 6 Nov 2014
Virgin Media router security flap follows weak password expose
Rovnix Trojan infection outbreak infects 130,000 machines in Blighty
Re: Example attacks
I can't provide specific examples, but as you're using a Linux distro as your browsing OS, you have, by default, significantly reduced the impact of malware delivered over the browser. Most malware still targets Windows users, simply because it's a lot easier. That's not to say other operating systems are less vulnerable, just less so.
Having said that, the pain of dealing with NoScript IS worth it in my opinion. It does, to my annoyance sometimes interfere with some sites I regularly visit, but in fairness, clicking on the NoScript button at the bottom of the browser usually sorts it out quickly. As it frequently updates though, and you have to admire the developer for the frequency of the updates, what you have allowed in the past may break, albeit briefly.