Is there any attack that actually works nowadays?

I started taking an ethical hacking course and it hasn’t taken much for mento realize that most of (if not all) of the attacks are only working in theory but not in real life.

Here’s what I mean: -ARP spoofing only works with HTTP and nowadays 90% of the websites that people usually visit (Facebook, gmail, google, Reddit etc) are using HTTPS.

-any malware application that you make if you’re good enough with social engineering to have someone download the .exe file and open it then it will have windows defender warning about the not secure developer and if you’re good enough with Python then maybe you have a chance to write yourself your own backdoor that since it was never used before maybe it won’t be intercepted by an antivirus

-WPA is obsolete and most of modern routers now use WPA2 which is practically uncrackable if people leave it set at default (which most people just do) and if they change it you have to be lucky enough that they chose a stupid password that is inside some word list otherwise you have no chance

And so on...

So is hacking still possible today?

And by hacking I don’t mean stupid scams or phishing emails (that also most likely will just fall in the spam folder)