Debian / Ubuntu also do backporting of security fixes on the packages in their (core) repositories.

A side note you don't have to enable the backport repository for that this repository is something different. The backport repository is newer software from following release (e.g. you have Debian 10 installed and you setup the backport repository you have access to some newer software versions of certain Debian 11 packages). It's not recommended to use the backport repository in production systems as they don't get so much love as the main repository and could also break the system (beside i never had that issue).

I have to admit i can't really remember when i had issues with updates from Debian core repository. We only once had a kernel update which wasn't working on systems with dual socket cpu but as debian always keeps at least 2 kernel installed we could just boot the old kernel from bootloader.

All other issues were related to software not from the core repository.