Bleeping Computer

Exploited Windows zero-day lets JavaScript files bypass security warnings

An update was added to the end of the article explaining that any Authenticode-signed file, including executables, can be modified to bypass warnings. A new Windows zero-day allows threat actors to ...
Ars Technica

How to scan a local folder for files using javascript?

JS probably isn't the way to go. Probably a better way would be to write an app with an embedded IE window.