Automatic updates ARE working...when there are no bugfixes.
The key piece of information that you are missing is that there is a random delay in the installation of security updates.
Your preferences state that you want security updates installed automatically, and that you want to be notified immediately for bugfixes (other updates).
Let's run through a couple scenarios.
1. Your system checks and discovers 0 bugfixes and 2 security updates. The system won't notify you, and later that day installs the 2 updates automatically.
2. Your system checks and discovers 2 bugfixes and 2 security updates. Since Unattended Updates has not run yet, the system will notify you of all 4 updates.
   Further, let's pretend that you DON'T install the updates. Later that day Unattended Upgrades will run, installing the security updates. Tomorrow you will be prompted to install only the two bugfixes.
3. After you have been logged in for several hours, apt checks (it's not just at startup!) and discovers 0 bugfixes and 1 security update. This is a repeat of case #1 -- Unattended Upgrades will install it later without telling you.
Here's how to see when apt will check for updates, and when apt will run Unattended Upgrades. The difference is that delay, of course:
$ systemctl list-timers | grep apt
Sat 2023-03-04 06:03:58 CST 10h left Fri 2023-03-03 06:31:24 CST 13h ago apt-daily-upgrade.timer apt-daily-upgrade.service
Sat 2023-03-04 14:56:58 CST 19h left Fri 2023-03-03 19:35:54 CST 20min ago apt-daily.timer apt-daily.service
If you want to add -updates to Unattended Upgrades, you can edit the config file /etc/apt/apt.conf.d/50unattended-upgrades to make that happen.
Look for the line // "${distro_id}:${distro_codename}-updates"; and simply uncomment it.
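
To confirm which origins are active before and after that edit, the following reports whether an entry in the Allowed-Origins block is enabled, commented out, or missing. It is an added example, not part of the original answer: the function names `origin_state` and `write_sample` and the sample file are made up here, and it assumes the file uses only `//` line comments.

```sh
#!/bin/sh
# Added example (not from the original answer).

# origin_state FILE SUFFIX
# Prints enabled, commented or absent for the origin
# "${distro_id}:${distro_codename}SUFFIX" inside the
# Unattended-Upgrade::Allowed-Origins block of FILE.
# Assumption: only // line comments are used in that block.
origin_state() {
    awk -v want="\"\${distro_id}:\${distro_codename}$2\";" '
        /^[ \t]*Unattended-Upgrade::Allowed-Origins[ \t]*[{]/ { inblock = 1; next }
        inblock && /^[ \t]*[}];/ { inblock = 0 }
        inblock {
            line = $0
            sub(/^[ \t]+/, "", line)
            commented = (line ~ /^\/\//)      # entry disabled with //
            sub(/^\/\/[ \t]*/, "", line)      # drop the comment marker
            if (index(line, want) == 1) {     # literal match, no regex
                if (commented) seen = 1; else active = 1
            }
        }
        END { print (active ? "enabled" : (seen ? "commented" : "absent")) }
    ' "$1"
}

# write_sample FILE: constructed sample modelled on the layout of
# 50unattended-upgrades (not copied from a real system).
write_sample() {
    cat > "$1" <<'EOF'
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
//      "${distro_id}:${distro_codename}-updates";
};
EOF
}

sample=$(mktemp)
write_sample "$sample"
for suffix in -security -updates -backports; do
    printf '%s: %s\n' "$suffix" "$(origin_state "$sample" "$suffix")"
done
rm -f "$sample"
```

On a real system, call `origin_state /etc/apt/apt.conf.d/50unattended-upgrades -updates`; it only reads the file.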