Contrary to popular belief there is still a security risk when running VM's. The major risk is in the network connectivity between the host and VM (e.g. sharing files between the host and VM).
If you run a Linux guest OS on the VM, then the risk is reduced, simply because there isn't as much Linux-based malware, but also because you usually never use the OS as a root user. Having said that, there are a handful of cross-platform malware that infect both Linux and Windows, for example BadBunny, but these are very rarely seen nowadays.
My recommendation is to always keep the Guest OS updated, and to install anti-virus/malware software on both.