If you have a particular question beyond a general "can computer security be breached?" — the answer to that being "yes, given enough time and funding, or given knowledge of passwords, and/or given physical access and/or badly down-revision software", some more details on whatever matter you're particularly concerned with would help.
If there's a firewall involved — and as is commonly configured with most any home networks — remote access is further constrained by the firewall. Firewalls and most any device providing IPv4 network address translation (NAT) will block any remote access attempts. Down-revision firewalls and specifically- or insecurely-configured firewalls can allow remote access.
If this is an existing macOS installation that's been previously exposed — passwords have become known, physical hardware access has been available to attackers, social engineering has allowed an attacker to insert a backdoor, malware was previously installed, etc — then the usual path is to wipe the disk and reinstall everything from known-good distributions, and to use only and entirely new passwords on all newly-created users added onto the newly-installed system.
Social engineering is remarkably effective at gaining access to many systems. That's how many folks are breached. Some Word document arrives via mail message attachment and with malicious macros and macros enabled, or some downloaded tool is installed and then run.
Fear and paranoia — that also a form of social engineering — can often serve to increase sales of certain sorts of products and services, and also as a means to unintentionally introduce security problems as some of the add-on packages have had security vulnerabilities, and also as a means to get folks to install actually-malicious software.
I've worked with several that have ended up on the wrong end of remote-support scams, too. Either due to phone calls reporting problems with the computer, or folks that perform searches for answers to problems or concerns that they might have and specifically searches that end up on web sites intended to ensnare those folks into scams. Into calling for help and providing access, and/or downloading and installing a malicious remote-help tool of some sort.
I've also encountered some cases where other local folks happen to gain access or gain unintended access to local computers, and the folks then intentionally or unintentionally install insecure or malicious code, intentionally or unintentionally expose passwords, or otherwise intentionally or unintentionally reconfigure the system to allow their own or unrelated remote access. Some folks will intentionally install keyloggers, spyware or other unauthorized packages or malware. Kids installing sketchy or hacked games or tools, for instance.
Given you're seeing unexpected entries in the browser history and this based on replies posted elsewhere, the access path usually then involves screen sharing and that's less than easy to establish that connection when there's an intervening firewall (unless it's local access from your own local network), or there's been a remote management package or RAT tool installed, or it's somebody with local access to the effected system.
Digital certificates don't typically grant any access into a client device, such as a MacBook Air running macOS. Those certificates secure and authenticate TLS connections into remote servers and typically into web servers, and some specific certificates – those specifically issued by Apple — can control which downloaded add-on apps are considered to be signed and trusted.
Bluetooth propagates tens of meters and variously much less, so any exposure there is localized. DUN is for tethering, typically allowing a device to connect through to the Internet via an Internet-capable cellphone. Credentials and a network path in through any intervening firewall is still required to even reach a MacBook Air running macOS, an then access into the Mac.
As for issues involving harassment, that's best discussed with local law enforcement folks.
If the situation has already been remediated through reinstallation and reloading and you're interested in delving deeper into network security and computer system security and/or cryptography, there are resources available to help further secure systems (and I and others can provide some pointers there), but the most fundamental steps involve good passwords and frequent backups, and some skepticism around what can or should be installed on the local computer.
If you're affiliated with an organization that handles or that has access to financial data or other sorts of sensitive data, you'll want to contact your organization's security folks for their assistance, and applicable suggestions, requirements and policies.
But again, do you have a specific question?